Ubuntu focal - ImportError: cannot import name _remove_dead_weakref

I've tried to reinstall Certbot after upgrading to Ubuntu 20.10. The installed version from Ubuntu's repo errors as below.

I've already deleted the virtualenv environment with:
rm -r /opt/eff.org

And any attempt to use certbot-auto to recreate the virtualenv fails as below.

I've tried to install from the certbot ppa but there is no focal release.

My domain is:

trying to create one

I ran this command:

$ sudo ./certbot-auto

It produced this output:

Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 6, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 5, in <module>
    import logging.handlers
  File "/usr/lib/python2.7/logging/__init__.py", line 26, in <module>
    import sys, os, time, cStringIO, traceback, warnings, weakref, collections
  File "/usr/lib/python2.7/weakref.py", line 14, in <module>
    from _weakref import (
ImportError: cannot import name _remove_dead_weakref

My web server is (include version):

The operating system my web server runs on is (include version):

Ubuntu 20.10 FOCAL

My hosting provider, if applicable, is:

Self hosted

I can login to a root shell on my machine (yes or no, or I don't know):

Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 0.40.0

2 Likes

You are better off upgrading and installing from snapd:


Just choose your web server software

[don't forget to remove the current version of certbot first]

3 Likes

(Is 20.10 released yet? I thought it was still 2-3 weeks away)

/opt/eff.org/ is only used by certbot-auto, which is a standalone portable script, not an Ubuntu package.

certbot-auto is no longer supported on new releases of Ubuntu, which is why you get your error. Whatever you do next, you should remove certbot-auto.

The version of Certbot which you can install from Ubuntu Focal's base repos (0.40, https://packages.ubuntu.com/focal/certbot) should work just fine. You need to call it via certbot, not via certbot-auto. It's about 11 months old, but it should work OK.

If you want to keep up-to-date with the latest releases, snaps are the best way. If you go down that path, remove both certbot-auto and also the certbot apt package.

3 Likes

Ubuntu 20.10 beta ("Groovy Gorilla") was released, but the stable version won't be released until 22 October. Altogether there are 7 flavors.

3 Likes

Sorry, good point: 20.04 LTS!

I'm still an apt > snap person.

Will try the snap and delete certbot-auto.

I am trying to create a cert which will work with iOS. I understand that I need EKU and SAN flags. Is there an article anywhere on how to generate an iOS 13 accepted cert with the new certbot? I have an openssl conf https://pastebin.com/7cEyv3QG but not sure how to use it with the new certbot.

Thanks

2 Likes

I'm not sure how OpenSSL is mixed up in this? The certificate is generated by Let's Encrypt, not by OpenSSL on your local computer.

1 Like

Hi - my point was more: how do I create a cert which is iOS 13 friendly with certbot? The openssl config has the required EKU and SAN options; I don't know how this translates into certbot creating the equivalent with Let's Encrypt.

1 Like

Well, all the hostnames you'll choose will end up in the SAN (those are not flags, by the way, like you've put it earlier, but are called "Extensions") and the EKU will always be "serverAuth, clientAuth", which you cannot change.

2 Likes
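
One way to confirm what the last reply describes on a certificate Certbot has already obtained, as an added example that is not part of the thread. It assumes OpenSSL 1.1.1 or later (for `-ext` and `-addext`); the function names are made up here, and the sample certificate is a constructed, self-signed throwaway.

```shell
#!/bin/sh
# Added example: check that a certificate carries the SAN and EKU
# extensions discussed in the thread. Function names are hypothetical.

# Print the values of one X.509v3 extension, one per line, trimmed.
# $1 = PEM file, $2 = extension name (subjectAltName, extendedKeyUsage)
cert_ext_values() {
    openssl x509 -in "$1" -noout -ext "$2" 2>/dev/null |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Succeed only if $2 is an exact dNSName entry in the SAN and the EKU
# lists serverAuth (shown by OpenSSL as "TLS Web Server Authentication").
# $1 = PEM file, $2 = hostname
check_cert_exts() {
    cert_ext_values "$1" subjectAltName | grep -Fxq "DNS:$2" || {
        echo "FAIL: $2 is not a SAN entry in $1" >&2; return 1; }
    cert_ext_values "$1" extendedKeyUsage |
        grep -Fxq "TLS Web Server Authentication" || {
        echo "FAIL: EKU in $1 lacks serverAuth" >&2; return 1; }
    echo "OK: $1 has SAN DNS:$2 and EKU serverAuth"
}

# Constructed sample input for trying the check offline: a throwaway
# self-signed certificate with the given SAN and EKU lists.
# $1 = output PEM, $2 = SAN list, $3 = EKU list
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days 1 -subj "/CN=sample" \
        -addext "subjectAltName=$2" -addext "extendedKeyUsage=$3" 2>/dev/null
}

# Against a real Certbot certificate (placeholders, not values from the thread):
#   check_cert_exts /etc/letsencrypt/live/<your-domain>/cert.pem <your-domain>
```

The SAN match is exact per entry, so a certificate for `www.test.example` does not pass a check for `test.example`.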